《電子技術(shù)應(yīng)用》
您所在的位置:首頁 > 其他 > 设计应用 > 免于同意之合同所必需规则的原理探究与落地适用
免于同意之合同所必需规则的原理探究与落地适用
网络安全与数据治理
伍旋航
(厦门大学法学院,福建厦门361005)
摘要: 作为“同意例外”情形之一的合同所必需规则为个人信息保护与合理利用的动态利益平衡提供了规范依据。依据《个人信息保护法》第13条第1款第2项的规定,合同所必需规则包含两种情形:一是个人作为一方当事人与作为另一方当事人的处理者订立合同所必需;二是上述双方主体为履行合同所必需。《个人信息保护法》设立合同所必需规则并无“架空”告知同意规则之意,处理目的、处理范围以及处理场景可作为合同所必需规则的三层条件限定。据此,从常见的个人信息处理场景出发,对合同所必需规则的适用展开进行了列举。此外,还应从法律效果上准确把握合同所必需规则。首先,合同所必需规则并不排斥其他合法性基础的适用。其次,适用合同所必需规则可豁免同意征求,但不及于“重新取得同意”与“撤回同意”的情形。再而,合同所必需规则仅豁免处理者的同意征求义务,处理者仍需遵守个人信息处理规则。最后,应明晰合同所必需规则的适用多为个人信息被处理者收益。
中圖分類號:D92 文獻(xiàn)標(biāo)識碼:ADOI: 10.19358/j.issn.2097-1788.2024.02.012
引用格式:伍旋航.免于同意之合同所必需規(guī)則的原理探究與落地適用[J].網(wǎng)絡(luò)安全與數(shù)據(jù)治理,2024,43(2):78-85.
Exploring the rationale and practical application of the rules necessary for a contract without consent
Wu Xuanhang
(School of Law, Xiamen University, Xiamen 361005, China)
Abstract: As one of the “Consent exceptions”, the rules necessary for a contract provide a normative basis for the dynamic balance between the protection of personal information and the rational use of personal information. Pursuant to Article 13 (1) (2) of the Personal Information Protection Law, the rules necessary for a contract consist of two situations: one is necessary for an individual to enter into a contract as a party to a contract with a processor as a party to the other party, and the other is necessary for the performance of the contract by the abovementioned parties. Personal Information Protection Law sets up the necessary rules of the contract is not “Overhead” informed consent rules meaning, the purpose, scope, and context of the processing can be defined as three levels of conditions for the required rules of the contract. Based on this, this paper enumerates the application of the rules necessary for a contract from the common personal information processing scenarios. In addition, we should grasp the necessary rules of the contract accurately from the legal effect. Firstly, the rules necessary for a contract do not exclude the application of other bases of legality. Secondly, the application of this rules may exempt consent from solicitation, but not in the case of “Re consent” and “Withdrawal of consent”. Moreover, the rules necessary for a contract only exempt the processor from the consent seeking obligation, and the processor is still required to comply with the personal information processing rules. Finally, it should be made clear that the application of the necessary rules of a contract is mostly for the benefit of the person whose personal information is processed.
Key words : personal information processing;basis of legality;rules necessary for a contract;consent to exemptions

引言

《個人信息保護(hù)法》確立了以“告知—同意”為核心的個人信息處理規(guī)則,強(qiáng)調(diào)了個人信息處理中對個人信息主體的權(quán)利保障。同意并非個人信息處理的唯一合法性基礎(chǔ)。《個人信息保護(hù)法》第13條第1款第2項(xiàng)規(guī)定“為訂立、履行個人作為一方當(dāng)事人的合同所必需”(以下簡稱“合同所必需規(guī)則”)同屬個人信息處理的合法性基礎(chǔ)之一。合同所必需規(guī)則借鑒了GDPR第61(b)條的規(guī)定,但國內(nèi)對該規(guī)則的原理內(nèi)涵與具體適用仍不明晰。為更好推動合同所必需規(guī)則的落地適用,本文結(jié)合GDPR第61(b)及相關(guān)規(guī)定,對合同所必需規(guī)則的內(nèi)涵與實(shí)踐適用進(jìn)行了分析。1合同所必需規(guī)則的基本內(nèi)涵 歐盟數(shù)據(jù)保護(hù)委員會曾通過了一項(xiàng)《關(guān)于在向個人信息主體提供在線服務(wù)時根據(jù)GDPR第61(b)條處理個人數(shù)據(jù)的準(zhǔn)則》(2.0版)(以下簡稱《準(zhǔn)則》),上述指南對GDPR第61(b)條對合同所必需規(guī)則的基本內(nèi)涵和適用標(biāo)準(zhǔn)作了詳細(xì)規(guī)定,對理解合同所必需規(guī)則的原理具有重要意義。11設(shè)立合同所必需規(guī)則的考慮個人信息處理的合法性基礎(chǔ)主要有兩大類:一是同意,二是法定許可(又稱“同意例外”)?;谕獾膫€人信息處理體現(xiàn)了對個人同意授權(quán)的嚴(yán)格遵循,是在大數(shù)據(jù)時代賦予個人信息主體的一項(xiàng)自主決定權(quán)利。我國《個人信息保護(hù)法》允許個人信息處理者基于法定許可處理個人信息主要有三個層面的考慮。第一,個人信息來源于個人,但個人信息并非絕對獨(dú)占的。個人信息還承載著除了個人利益之外的社會利益甚至國家利益。因此,特定情形下,個人信息主體需要讓渡其享有的同意授權(quán)的權(quán)利,以實(shí)現(xiàn)不同利益之間的平衡[1]。這一利益平衡理念同樣體現(xiàn)在GDPR,其序言指出“保護(hù)個人數(shù)據(jù)的權(quán)利不是一項(xiàng)絕對權(quán)利,必須考慮其在社會上的作用并應(yīng)當(dāng)根據(jù)比例性原則與其他基本權(quán)利保持平衡?!?/p>


作者信息:

伍旋航

(廈門大學(xué)法學(xué)院,福建廈門361005)


文章下載地址:http://www.ihrv.cn/resource/share/2000005906


weidian.jpg

此內(nèi)容為AET網(wǎng)站原創(chuàng),未經(jīng)授權(quán)禁止轉(zhuǎn)載。

相關(guān)內(nèi)容